[Seaside] authentication for seaside

Paul DeBruicker pdebruic at gmail.com
Wed Dec 29 16:42:42 UTC 2010


On 12/29/2010 11:13 AM, seaside-request at lists.squeakfoundation.org wrote:
> Message: 3
> Date: Wed, 29 Dec 2010 11:50:04 -0300
> From: andres<andres at lifia.info.unlp.edu.ar>
> Subject: Re: [Seaside] authentication for seaside
> To: Seaside - general discussion<seaside at lists.squeakfoundation.org>
> Message-ID:<4D1B4A9C.8040307 at lifia.info.unlp.edu.ar>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> There are many views on this topic, and most of them are right to a
> certain extent. I particularly agree with the title of this post
> http://www.codinghorror.com/blog/2007/09/youre-probably-storing-passwords-incorrectly.html
> and with some parts of the article itself. I've been doing some research
> recently regarding password storing, why it should be avoided if
> possible and what you should do if you have no alternative; maybe these
> links are helpful to someone else:
>
> http://www.openwall.com/articles/PHP-Users-Passwords
> http://www.securityfocus.com/columnists/388/
> http://chargen.matasano.com/chargen/2007/9/7/enough-with-the-rainbow-tables-what-you-need-to-know-about-s.html
> http://www.wired.com/politics/security/commentary/securitymatters/2006/12/72300
> http://www.skrenta.com/2007/08/md5_tutorial.html
> http://www.codinghorror.com/blog/2007/09/rainbow-hash-cracking.html
> http://blog.moertel.com/articles/2006/12/15/never-store-passwords-in-a-database
> http://www.codinghorror.com/blog/2007/09/youre-probably-storing-passwords-incorrectly.html
> http://chargen.matasano.com/chargen/2006/4/28/oh-meebo.html
>
> HTH,
>           Andrés

I'd just like to add this link:

http://codahale.com/how-to-safely-store-a-password/

to the list.  There is not yet a bcrypt or scrypt implementation in the 
Cryptography package.

